SAN FRANCISCO — Hackers who broke into as many as 2.27 million accounts of a computer cleaning program were targeting telecom equipment companies in the United States, Japan, South Korea and Taiwan, security company Avast told USA TODAY Thursday.

When Avast, which owns the program, looked at the computer logs it was able to recreate after the attack, it found just 23 compromised computers at eight different companies. The hackers' program was specifically looking for companies on a list of telecom equipment manufacturers and a few telecommunication companies, attacking many but only infecting a portion, AVAST wrote in a blog posted Thursday night.

The discovery is the latest in a lengthening list of cyber attacks at businesses. The CCleaner malware has been particularly malevolent — and choosy.

In the breach reported on Tuesday, researchers found hackers had hidden malware in the popular program, which cleans cookies and junk programs from PCs and Android phones to make them run faster. That malware then sent information back to the hackers about the compromised computers, including their Internet addresses and who had access to them.

When it found a company on its list of telecom providers, it deployed a second piece of malware that allowed the hackers to take over the computer and begin mining it for information.

There may have been other companies hit as well but Avast couldn't access the records because the attackers experienced disk troubles and wiped the computer where they stored their stolen data, Avast CEO Vince Steckler told USA TODAY.

The malware made what's known as a watering hole attack, "because the lion lays in wait and sees hundreds of animals come by to drink but he only attacks the one he wants for dinner," said Steckler.

Unsuspecting company employees downloaded what they thought was an innocuous cleaning tool, which instead gave the attackers access to their corporate system — but only if they worked in the sector the hackers were targeting.

"They're basically looking for an easy way into the corporate network rather than having to hack into it," Steckler said.

In the vast majority of cases the malware ended up on the computer of someone not on the list of targeted companies and nothing happened, he said.

It's not clear why the hackers were targeting the telecoms sector. One scenario is that the malware and the network to run it was created specifically to target telecom equipment companies.

But another is that the hackers built the network and then went looking for customers they could customize it for. So one month it might be rented out to someone looking for the industrial secrets of telecom equipment companies but the next month it might be focused on searching for secrets at aviation or food processing companies.

"Obviously with a piece of broadly distributed software like this, they could target lots of sectors," Steckler said.

Late Wednesday, Cisco Talos, the security research arm of San Jose, Calif.-based Cisco, said it had found the malware contained a hidden "attack within the attack" that specifically targeted large tech companies, possibly to do commercial or state-level espionage. It had not narrowed the targets to telecom equipment companies.

Avast researchers didn't name the companies it had identified. Some of the world's top telecom gear makers include Cisco, Huawei and Ericsson.

The culprits are still unknown. The malware runs on code related to code used by a group known to work out of China. However, the code has been in use for quite awhile, so it's possible at this point that someone else simply bought it, Steckler said.

Czech-based Avast bought the London-based firm Piriform, which produces the CCleaner, in July.

Most disturbing of all is that the malware was able to hide itself in the CCleaner program for at least four weeks before it was discovered, so well-written that it didn't trigger security systems and anti-virus programs.

"This was flying under the radar. So maybe there are others out there as well that we don't know about," Steckler said.